
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV02-C J | low | unlikely | medium | P2 | L3 |

Automated Detection

Compass/ROSE

| Tool | Version | Checker | Description |
|---|---|---|---|
| Section | | | |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

... ENV02-CPP. Beware of multiple environment variables with the same effective name

ISO/IEC 9899:1999: Section 7.20.4, "Communication with the Environment"

ISO/IEC TR 24772: "XYS Executing or Loading Untrusted Code"

MITRE CWE: ... CWE-462, "Duplicate Key in Associative List (Alist)"

MITRE CWE: ... CWE-807, "Reliance on Untrusted Inputs in a Security Decision"
